0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management Vulnerability
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management Advisory URL https://ipositivesecurity.com/2017/10/28/ics-spidercontrol-scada-web-server-improper-privilege-management-vulnerability/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01 CVE-ID CVE-2017-12728 ------------------------ AFFECTED PRODUCTS ------------------------ The following versions of SCADA Web Server, a software management platform, are affected: SCADA Web Server Version 2.02.0007 and prior. ------------------------ BACKGROUND ------------------------ Critical Infrastructure Sector: Critical Manufacturing Countries/Areas Deployed: Europe Company Headquarters Location: Switzerland ------------------------ IMPACT ------------------------ Successful exploitation of this vulnerability could allow authenticated system users to escalate their privileges under certain conditions. ------------------------ VULNERABILITY OVERVIEW ------------------------ IMPROPER PRIVILEGE MANAGEMENT CWE-269 Authenticated, non-administrative local users are able to alter service executables with escalated privileges which could allow an attacker to execute arbitrary code under the context of the current system services. CVE-2017-12728 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). ------------------------ Vulnerability Details ------------------------ 1. Untrusted Users Can Modify Windows Service Executables It is possible for non-administrative local users to replace some of the Windows Service executables with malicious programs. This could be abused to execute programs with the privileges of the Windows services concerned. The programs below have FILE_WRITE, WRITE_DAC or WRITE_OWNER permission granted to non-administrative users: SCADA Server (SCADAServer) runs the following program as LocalSystem: C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: FILE_WRITE_DATA C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users: FILE_WRITE_DATA 2. Delete Permission Granted On Windows Service Executables It is possible for non-administrative local users to delete some of the Windows Service executables with malicious programs. This could lead to disruption or denial of service. The programs below have DELETE permission granted to non-administrative users: SCADA Server (SCADAServer) runs the following program as LocalSystem: C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: DELETE C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users: DELETE 3. Append Permission Granted Windows Service Executables It is possible for non-administrative local users to append to some of the Windows Service executables with malicious programs. This is unlikely to be exploitable for .exe files, but is it bad security practise to allow more access than necessary to low-privileged users. The programs below have FILE_APPEND permission granted to non-administrative users: SCADA Server (SCADAServer) runs the following program as LocalSystem: C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: FILE_APPEND_DATA C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users: FILE_APPEND_DATA +++++ Best Regards, Karn Ganeshen # 0day.today [2024-09-29] #